I can’t ban an IP for MAIL and DB - it bans only for one rule.
Also how can I distinguish RECIDIVE banned IP rule?
You could try using fail2ban-client command line?
```
$: fail2ban-client status
Status
|- Number of jail: 5
`- Jail list: dovecot-iptables, exim-iptables, hestia-iptables, recidive, ssh-iptables
$: fail2ban-client status recidive
Status for the jail: recidive
|- Filter
|  |- Currently failed: 94
|  |- Total failed: 190
|  `- File list: /var/log/fail2ban.log
`- Actions
   |- Currently banned: 51
   |- Total banned: 53
   `- Banned IP list: 103.114.107.87 121.130.176.55 193.169.254.107
$: fail2ban-client set hestia-iptables banip 1.1.1.1
1
$: fail2ban-client status hestia-iptables
Status for the jail: hestia-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/hestia/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: 1.1.1.1
```
There are other ways to ban IPs permanently, with fail2ban, and also with the firewall and ipset, but you’ll have to do your own research on those.
1 Like
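To tell which jail (recidive or another) currently holds a ban for an address, the status output shown above can be parsed per jail. This is an added example, not part of the original posts; the function names and the `sample_f2b` stand-in (with constructed output) are assumptions made so that it runs without fail2ban installed.

```shell
#!/usr/bin/env bash
# Added example: list the fail2ban jails that currently ban a given IP.
# F2B names the command to query; it defaults to the real fail2ban-client.
F2B=${F2B:-fail2ban-client}

# Print the items that follow "<label>:" in status output read from stdin.
# Items may be separated by spaces, tabs or commas.
_items_after() {
  awk -v label="$1:" '{ i = index($0, label); if (!i) next
      n = split(substr($0, i + length(label)), a, /[ \t,]+/)
      for (k = 1; k <= n; k++) if (a[k] != "") print a[k] }'
}
jail_names() { _items_after 'Jail list'; }       # input: `status`
banned_ips() { _items_after 'Banned IP list'; }  # input: `status <jail>`

# Print every jail whose ban list contains exactly the address $1.
jails_banning() {
  local ip=$1 jail
  for jail in $("$F2B" status | jail_names); do
    # -x -F: whole-line literal match, so 1.1.1 does not match 1.1.1.1
    if "$F2B" status "$jail" | banned_ips | grep -qxF -- "$ip"; then
      echo "$jail"
    fi
  done
}

# Constructed stand-in for fail2ban-client (hypothetical data, offline use).
sample_f2b() {
  case "${2:-}" in
    "") printf '%s\n' 'Status' '|- Number of jail: 3' \
          '`- Jail list: exim-iptables, hestia-iptables, recidive' ;;
    hestia-iptables) printf '%s\n' '   `- Banned IP list: 1.1.1.1' ;;
    recidive)        printf '%s\n' '   `- Banned IP list: 192.0.2.10 1.1.1.1' ;;
    *)               printf '%s\n' '   `- Banned IP list:' ;;
  esac
}

# Demo against the stand-in; on a real host call `jails_banning <ip>` alone.
F2B=sample_f2b jails_banning 1.1.1.1
```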